Vulnerabilities > Improper Authentication

DATE CVE VULNERABILITY TITLE RISK
2023-06-22 CVE-2023-3326 Improper Authentication vulnerability in Freebsd
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password.
network
low complexity
freebsd CWE-287
critical
9.8
2023-06-19 CVE-2022-48494 Improper Authentication vulnerability in Huawei Emui
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
network
low complexity
huawei CWE-287
7.5
2023-06-19 CVE-2022-48496 Improper Authentication vulnerability in Huawei Emui
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
network
low complexity
huawei CWE-287
7.5
2023-06-16 CVE-2023-30223 Improper Authentication vulnerability in 4D Server 17/18/19
A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.
network
low complexity
4d CWE-287
7.5
2023-06-14 CVE-2023-34367 Improper Authentication vulnerability in Microsoft Windows 7
Windows 7 is vulnerable to a full blind TCP/IP hijacking attack.
network
low complexity
microsoft CWE-287
6.5
2023-06-13 CVE-2023-2638 Improper Authentication vulnerability in Rockwellautomation products
Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected.   Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives.  This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places.
local
low complexity
rockwellautomation CWE-287
5.0
2023-06-13 CVE-2023-30762 Improper Authentication vulnerability in Kbdevice products
Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series.
network
low complexity
kbdevice CWE-287
critical
9.8
2023-06-13 CVE-2023-29129 Improper Authentication vulnerability in Mendix Saml
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.3.1 < V3.6.1), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.3.0 < V3.6.0), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.12/9.18 compatible, New Track) (All versions >= V3.3.1 < V3.3.15), Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.14), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6).
network
low complexity
mendix CWE-287
critical
9.8
2023-06-12 CVE-2023-32220 Improper Authentication vulnerability in Milesight Ncr/Camera Firmware 71.8.0.6R5
Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method.
network
low complexity
milesight CWE-287
critical
9.8
2023-06-07 CVE-2023-33553 Improper Authentication vulnerability in Planet Wdrt-1800Ax Firmware 1.01Cp21
An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie.
network
low complexity
planet CWE-287
critical
9.8